Known Vulnerabilities for products from GNOME
Listed below are 20 of the newest known vulnerabilities associated with the vendor "GNOME".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39683 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-5201 json | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due... | Not Provided | 2026-03-31 | 2026-05-12 |
| CVE-2026-5119 json | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are t... | Not Provided | 2026-03-30 | 2026-05-11 |
| CVE-2026-4271 json | A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in t... | Not Provided | 2026-03-17 | 2026-05-11 |
| CVE-2026-2708 json | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() f... | Not Provided | 2026-04-23 | 2026-05-04 |
| CVE-2026-2436 json | A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_serv... | Not Provided | 2026-03-26 | 2026-04-21 |
| CVE-2026-2369 json | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, l... | Not Provided | 2026-03-19 | 2026-04-28 |
| CVE-2025-14512 json | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflo... | Not Provided | 2025-12-11 | 2026-05-11 |
| CVE-2025-14087 json | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a deni... | Not Provided | 2025-12-10 | 2026-05-11 |
| CVE-2025-13601 json | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_st... | Not Provided | 2025-11-26 | 2026-04-19 |
| CVE-2025-6052 json | A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combi... | Not Provided | 2025-06-13 | 2026-05-12 |
| CVE-2024-34397 json | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribe... | Not Provided | 2024-05-07 | 2026-05-12 |
| CVE-2023-43090 json | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of t... | 5.5 - MEDIUM | 2023-09-22 | 2023-09-26 |
| CVE-2023-38633 json | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to discl... | 5.5 - MEDIUM | 2023-07-22 | 2024-01-24 |
| CVE-2023-36250 json | CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted... | 7.8 - HIGH | 2023-09-14 | 2023-09-19 |
| CVE-2023-32665 json | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can ... | 5.5 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-32643 json | A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for... | 7.8 - HIGH | 2023-09-14 | 2023-09-20 |
| CVE-2023-32636 json | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by addition... | 7.5 - HIGH | 2023-09-14 | 2023-11-10 |
| CVE-2023-32611 json | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause exces... | 5.5 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-29499 json | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading ... | 7.5 - HIGH | 2023-09-14 | 2023-11-27 |
Known software with vulnerabilities from GNOME
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gnome | At-spi2-atk | 0.1.0 |
| Application | Gnome | Balsa | 2.5.0 |
| Application | Gnome | Byzanz | - |
| Application | Gnome | Control Center | - |
| Application | Gnome | Dia | 2019-11-27 |
| Application | Gnome | Epiphany | 0.7.0 |
| Application | Gnome | Evince | 0.1.0 |
| Application | Gnome | Evolution | - |
| Application | Gnome | Evolution-data-server | - |
| Application | Gnome | Evolution-data-server3 | 3.0.3 |
| Application | Gnome | Evolution-ews | - |
| Application | Gnome | Evolution Data Server | 3.9.1 |
| Application | Gnome | Eye Of Gnome | 3.16.5 |
| Application | Gnome | File-roller | 2.32.2 |
| Application | Gnome | Gcab | 0.4 |
| Application | Gnome | Gdk-pixbuf | - |
| Application | Gnome | Geary | 0.1 |
| Application | Gnome | Gedit | 3.22.1 |
| Application | Gnome | Glib | 1.1.0 |
| Application | Gnome | Glib-networking | 2.25.0 |